I am new to Kerberos and apologize in advance if this question has already
been answered. I've been searching the web and everywhere I could to find a
solution to my problem and hope someone can help me. I am using Kerberos
with Windows Server 2003 and Apache v2 web server installed on a windows
2003.

I need to compile mod_auth_kerb on apache v2 that is running on Windows. I
need the mod_auth_kerb.so file. I've attempted to compile it on windows and
it won't work. Does anyone know a solution for me? Please help me I am
desperate to get it to work. Thank you in advance!!

Cheers!
Fallon

10-02-2007, 01:38 PM

unix

Re: mod_auth_kerb

You can try mod_spnego from [url]http://sourceforge.net/projects/modgssapache[/url]
which has been tested on Windows.

Markus

"Fallon" <fallon@falloncarter.com> wrote in message
news:DL6dnY2zO6ZEHCbeRVn-gQ@comcast.com...[color=blue]
>I am new to Kerberos and apologize in advance if this question has already
>been answered. I've been searching the web and everywhere I could to find a
>solution to my problem and hope someone can help me. I am using Kerberos
>with Windows Server 2003 and Apache v2 web server installed on a windows
>2003.
>
> I need to compile mod_auth_kerb on apache v2 that is running on Windows. I
> need the mod_auth_kerb.so file. I've attempted to compile it on windows
> and it won't work. Does anyone know a solution for me? Please help me I am
> desperate to get it to work. Thank you in advance!!
>
> Cheers!
> Fallon
>[/color]

10-02-2007, 01:39 PM

unix

Re: mod_auth_kerb

Fallon wrote:[color=blue]
> I need to compile mod_auth_kerb on apache v2 that is running on Windows.[/color]

As Markus suggests, you should try something else instead. mod_auth_kerb
doesn't work on Windows, period. (Well, you could also compile MIT
kerberos, but I doubt that would gain you anything).

So why precisely do you need mod_auth_kerb? What is the real problem
you want to solve?

Regards,
Martin

10-02-2007, 01:39 PM

unix

Re: mod_auth_kerb

Fallon,

modgssapache has two modules. Only mod_spnego can be used with Apache 2.x.
The readme has detailed instructions for Windows. It also contains the
VisualStudio project files.

2.2 Windows
Install Apache 1.3 or Apache 2.0.
For Apache 1.3, define the environment variable APACHE13DIR to point to

Apache 1.3. For example:

echo %APACHE13DIR%
C:\Program Files\Apache Group\Apache
For Apache 2.0, define the environment variable APACHE2DIR to point to

Apache 2.0. For example:

echo %APACHE2DIR%
C:\Program Files\Apache Group\Apache2

Build OpenSSL.

Define the environment variable OPENSSLDIR to point to OpenSSL. For example:
echo %OPENSSLDIR%
C:\external\openssl-0.9.7b

Build fbopenssl.

Define the environment variable FBOPENSSLDIR to point to fbopenssl. For
example:
echo %FBOPENSSLDIR%
C:\frank\src\fbopenssl

Build MIT GSS-API.

Define the environment variable KRB5DIR to point to MIT KRB5. For example:
echo %KRB5DIR%
C:\external\kfw-2.1.2

Install mod_spnego. Note that mod_spnego is named mod_spnego.so on Windows,
not mod_spnego.dll.

Regards
Markus

"Fallon" <fallon@falloncarter.com> wrote in message
news:HPKdnf3hr_sWjiPenZ2dnUVZ_vydnZ2d@comcast.com...[color=blue]
> Hi Martin-
> My main goal is to integrate Kerberos network authentication to the web
> application Windchill which is from ptc. I need to authenticate Windchill
> users from MS Active Directory through the Kerberos authentication server.
> The application uses Apache 2.0.55 web server as well Tomcat. The
> environment used is Windows Server 2003. So I am open to any suggestions
> to get this authentication to work.
>
> Today I played with modgssapache and was unable to get it working. this
> could be due to my lack of experience. I am really desperate at the moment
> so any suggestions, ideas, help would be greatly appreciated.
>
> Thanks!!
> Fallon
>
>
> ""Martin v. L÷wis"" <martin@v.loewis.de> wrote in message
> news:43bc6bbd$0$8421$9b622d9e@news.freenet.de...[color=green]
>> Fallon wrote:[color=darkred]
>>> I need to compile mod_auth_kerb on apache v2 that is running on Windows.[/color]
>>
>> As Markus suggests, you should try something else instead. mod_auth_kerb
>> doesn't work on Windows, period. (Well, you could also compile MIT
>> kerberos, but I doubt that would gain you anything).
>>
>> So why precisely do you need mod_auth_kerb? What is the real problem
>> you want to solve?
>>
>> Regards,
>> Martin[/color]
>
>[/color]

10-02-2007, 01:39 PM

unix

Re: mod_auth_kerb

Fallon wrote:[color=blue]
> My main goal is to integrate Kerberos network authentication to the web
> application Windchill which is from ptc. I need to authenticate Windchill
> users from MS Active Directory through the Kerberos authentication server.
> The application uses Apache 2.0.55 web server as well Tomcat. The
> environment used is Windows Server 2003. So I am open to any suggestions to
> get this authentication to work.[/color]

I have no personal experience with that, but I think you might be
able to add Negotiate support into Tomcat directly, using gssapi-valve:

[url]http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1047&a=3780[/url]

Regards,
Martin

10-02-2007, 01:39 PM

unix

Re: mod_auth_kerb

Fallon,

modgssapache has two modules. Only mod_spnego can be used with Apache 2.x.
The readme has detailed instructions for Windows. It also contains the
VisualStudio project files.

2.2 Windows
Install Apache 1.3 or Apache 2.0.
For Apache 1.3, define the environment variable APACHE13DIR to point to

Apache 1.3. For example:

echo %APACHE13DIR%
C:\Program Files\Apache Group\Apache
For Apache 2.0, define the environment variable APACHE2DIR to point to

Apache 2.0. For example:

echo %APACHE2DIR%
C:\Program Files\Apache Group\Apache2

Build OpenSSL.

Define the environment variable OPENSSLDIR to point to OpenSSL. For example:
echo %OPENSSLDIR%
C:\external\openssl-0.9.7b

Build fbopenssl.

Define the environment variable FBOPENSSLDIR to point to fbopenssl. For
example:
echo %FBOPENSSLDIR%
C:\frank\src\fbopenssl

Build MIT GSS-API.

Define the environment variable KRB5DIR to point to MIT KRB5. For example:
echo %KRB5DIR%
C:\external\kfw-2.1.2

Install mod_spnego. Note that mod_spnego is named mod_spnego.so on Windows,
not mod_spnego.dll.

Regards
Markus

"Fallon" <fallon@falloncarter.com> wrote in message
news:HPKdnf3hr_sWjiPenZ2dnUVZ_vydnZ2d@comcast.com...[color=blue]
> Hi Martin-
> My main goal is to integrate Kerberos network authentication to the web
> application Windchill which is from ptc. I need to authenticate Windchill
> users from MS Active Directory through the Kerberos authentication server.
> The application uses Apache 2.0.55 web server as well Tomcat. The
> environment used is Windows Server 2003. So I am open to any suggestions
> to get this authentication to work.
>
> Today I played with modgssapache and was unable to get it working. this
> could be due to my lack of experience. I am really desperate at the moment
> so any suggestions, ideas, help would be greatly appreciated.
>
> Thanks!!
> Fallon
>
>
> ""Martin v. L÷wis"" <martin@v.loewis.de> wrote in message
> news:43bc6bbd$0$8421$9b622d9e@news.freenet.de...[color=green]
>> Fallon wrote:[color=darkred]
>>> I need to compile mod_auth_kerb on apache v2 that is running on Windows.[/color]
>>
>> As Markus suggests, you should try something else instead. mod_auth_kerb
>> doesn't work on Windows, period. (Well, you could also compile MIT
>> kerberos, but I doubt that would gain you anything).
>>
>> So why precisely do you need mod_auth_kerb? What is the real problem
>> you want to solve?
>>
>> Regards,
>> Martin[/color]
>
>[/color]

10-02-2007, 01:42 PM

unix

Re: mod_auth_kerb

Thank you for all your support to get mod_spnego configured. I finally did
get it compiled and deployed. In the read me file there was references to
setting up the logging but they didn't make sense. I was hoping you could
explain how I can set up the logging in order to test the authentication is
working properly.

Kindest Regards,
Fallon

10-02-2007, 01:42 PM

unix

Re: mod_auth_kerb

You can set the Apache LogLevel to debug to get more logging of what goes
on.

Markus

"Fallon" <fallon@falloncarter.com> wrote in message
news:L82dnY0vzrbgtEjenZ2dnUVZ_tudnZ2d@comcast.com...[color=blue]
> Thank you for all your support to get mod_spnego configured. I finally did
> get it compiled and deployed. In the read me file there was references to
> setting up the logging but they didn't make sense. I was hoping you could
> explain how I can set up the logging in order to test the authentication
> is working properly.
>
> Kindest Regards,
> Fallon
>[/color]